cvs diff: Diffing .
cvs diff: Diffing modules
cvs diff: Diffing modules/cvslog
cvs diff: Diffing modules/cvslog/xcvs
Index: modules/cvslog/xcvs/xcvs-config.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cvslog/xcvs/xcvs-config.php,v
retrieving revision 1.1.2.3.2.2
diff -u -p -r1.1.2.3.2.2 xcvs-config.php
--- modules/cvslog/xcvs/xcvs-config.php	3 Nov 2006 20:59:25 -0000	1.1.2.3.2.2
+++ modules/cvslog/xcvs/xcvs-config.php	3 Nov 2006 22:43:44 -0000
@@ -113,6 +113,12 @@ $xcvs['tag_directory'] = array();
 // Boolean to specify if users should be allowed to delete tags.
 $xcvs['allow_tag_removal'] = TRUE;
 
+// Boolean to specify if users should be allowed to delete or move
+// tags that have release nodes pointing to them. This assumes that
+// you are using at least version 4.7.x-2.* of project.module and 
+// have release nodes on your site.
+$xcvs['prevent_release_tag_changes'] = TRUE;
+
 // Boolean to specify if tags should be disabled while historical 
 // information is imported into the database. Only set this to TRUE
 // if you are going to run xcvs-import-tags.php. You can customize the
@@ -176,6 +182,13 @@ $xcvs['tag_delete_denied_message'] = <<<
 
 EOF;
 
+$xcvs['release_tag_in_use_message'] = <<<EOF
+** ERROR: You are not allowed to delete or move tags that have 
+** release nodes pointing to them. "%tag" is being used by 
+** http://[your_site_here]/node/%nid
+
+EOF;
+
 $xcvs['tag_import_message'] = <<<EOF
 ** ERROR: CVS tag operations are currently disabled while 
 ** historical branch and tag informating is being imported.
Index: modules/cvslog/xcvs/xcvs-db.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cvslog/xcvs/xcvs-db.php,v
retrieving revision 1.1.4.1
diff -u -p -r1.1.4.1 xcvs-db.php
--- modules/cvslog/xcvs/xcvs-db.php	3 Nov 2006 20:52:32 -0000	1.1.4.1
+++ modules/cvslog/xcvs/xcvs-db.php	3 Nov 2006 22:43:45 -0000
@@ -10,28 +10,29 @@
 */
 
 /**
- * Returns a MySQL connection with the right DB selected. All other
+ * Opens a MySQL connection with the right DB selected. All other
  * methods in this file (except for xcvs_always_allow(), by design)
- * require that this method has been called first. This is step is
- * usually handled by xcvs_db_check_write_access(), which sets up and
- * closes the connection.
+ * require that this method has been called first.
  */
 function xcvs_db_connect($xcvs) {
-  $url = parse_url($xcvs['db_url']);
-  // Allow for non-standard MySQL port.
-  if (isset($url['port'])) {
-    $url['host'] = $url['host'] .':'. $url['port'];
-  }
-  $connection = mysql_connect($url['host'], $url['user'], $url['pass']);
-  mysql_select_db(substr($url['path'], 1));
-  return $connection;
+  static $db_conn;
+  if (!isset($db_conn)) {
+    $url = parse_url($xcvs['db_url']);
+    // Allow for non-standard MySQL port.
+    if (isset($url['port'])) {
+      $url['host'] = $url['host'] .':'. $url['port'];
+    }
+    $db_conn = mysql_connect($url['host'], $url['user'], $url['pass']);
+    mysql_select_db(substr($url['path'], 1));
+  }
+  return $db_conn;
 }
 
 /**
  * Returns the numeric drupal uid for the given cvs username
  */
 function xcvs_db_get_drupal_uid($user) {
-  $result = mysql_query("SELECT uid FROM cvs_accounts WHERE name = '". mysql_escape_string($user) ."'");
+  $result = mysql_query("SELECT uid FROM cvs_accounts WHERE name = '". mysql_real_escape_string($user) ."'");
   if ($result && mysql_num_rows($result) > 0) {
     $uid = mysql_result($result, 0);
   }
@@ -58,7 +59,7 @@ function xcvs_db_get_drupal_project_nid(
     while (count($parts) > 1) {
       $project_dir = '/'. implode('/', $parts) . '/';
       array_pop($parts);
-      $project = mysql_query("SELECT n.nid FROM cvs_projects cp INNER JOIN node n ON n.nid = cp.nid WHERE n.status = 1 AND cp.rid = ". $xcvs[cvs_repo_id] ." AND cp.directory = '". mysql_escape_string($project_dir) ."'");
+      $project = mysql_query("SELECT n.nid FROM cvs_projects cp INNER JOIN node n ON n.nid = cp.nid WHERE n.status = 1 AND cp.rid = ". $xcvs[cvs_repo_id] ." AND cp.directory = '". mysql_real_escape_string($project_dir) ."'");
       if ($project && mysql_num_rows($project) > 0) {
         return $nids[$file] = mysql_result($project, 0);
       }
@@ -77,17 +78,15 @@ function xcvs_db_get_drupal_project_nid(
  * question.
  * 
  * The real work of this method is performed by another function.
- * This is mostly a wrapper to handle the DB connection, and calling
- * exit() if there was an error (see _xcvs_db_check_write_access() for
- * possible values).
+ * This is a wrapper to handle calling exit() if there was an error
+ * (see _xcvs_db_check_write_access() for possible values).
  *
  * @return
  *   0 on success, exit() with non-zero on error.
  */
 function xcvs_db_check_write_access($user, $file, $op, $xcvs) {
-  $connection = xcvs_db_connect($xcvs);
+  xcvs_db_connect($xcvs);
   $result = _xcvs_db_check_write_access($user, $file, $op, $xcvs);
-  mysql_close($connection);
   if ($result) {
     exit($result);
   }
@@ -145,7 +144,7 @@ function _xcvs_db_check_write_access($us
  * Determines if the user is the owner of the given project.
  */
 function xcvs_db_is_owner($uid, $nid) {
-  $project = mysql_query("SELECT nid, uid FROM node WHERE nid = " . $nid ." AND uid = " . $uid);
+  $project = mysql_query("SELECT nid, uid FROM node WHERE nid = " . (int)$nid ." AND uid = " . (int)$uid);
   if ($project && mysql_num_rows($project) > 0) {
     return TRUE;
   }
@@ -156,7 +155,7 @@ function xcvs_db_is_owner($uid, $nid) {
  * Determines if the user is a CVS maintainer for the given project. 
  */
 function xcvs_db_is_maintainer($uid, $nid) {
-  $project = mysql_query("SELECT * FROM cvs_project_maintainers WHERE nid = " . $nid ." AND uid = " . $uid);
+  $project = mysql_query("SELECT * FROM cvs_project_maintainers WHERE nid = " . (int)$nid ." AND uid = " . (int)$uid);
   if ($project && mysql_num_rows($project) > 0) {
     return TRUE;
   }
@@ -172,6 +171,18 @@ function xcvs_db_is_cvs_superuser($uid) 
   return FALSE;
 }
 
+function xcvs_db_check_release_tag($dir, $tag, $op, $xcvs) {
+  // Make sure we're connected, just to be safe.
+  xcvs_db_connect($xcvs);
+  $project_nid = xcvs_db_get_drupal_project_nid($dir, $xcvs);
+  $query = mysql_query("SELECT nid FROM project_release_nodes WHERE pid = " . (int)$project_nid ." AND tag = '" . mysql_real_escape_string($tag) . "'");
+  if ($query && mysql_num_rows($query) > 0) {
+    $release = mysql_fetch_object($query);
+    print strtr($xcvs['release_tag_in_use_message'], array('%tag' => $tag, '%nid' => $release->nid));
+    exit(4);
+  }
+}
+
 /**
  * Determines if the given user is on the whitelist of users that are
  * automatically granted all cvs powers, even if the Drupal DB is
Index: modules/cvslog/xcvs/xcvs-taginfo.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cvslog/xcvs/xcvs-taginfo.php,v
retrieving revision 1.1.2.2.2.2
diff -u -p -r1.1.2.2.2.2 xcvs-taginfo.php
--- modules/cvslog/xcvs/xcvs-taginfo.php	3 Nov 2006 20:59:25 -0000	1.1.2.2.2.2
+++ modules/cvslog/xcvs/xcvs-taginfo.php	3 Nov 2006 22:43:45 -0000
@@ -186,6 +186,12 @@ function xcvs_init($argc, $argv) {
     if ($xcvs['db_access_check']) {
       xcvs_db_check_write_access($user, $dir, 'tag', $xcvs);
     }
+
+    // if we made it this far, make sure they're not trying to
+    // delete/move a tag that has a release node pointing to it
+    if (($op=='mov' || $op=='del') && $xcvs['prevent_release_tag_changes']) {
+      xcvs_db_check_release_tag($dir, $tag, $op, $xcvs);
+    }
   }
 
   // If we got this far, we're going to allow the tag...